Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Plex - Custom domain name + https?

Featured Replies

I have recently set up UnRaid mostly following "SpaceInvader One's" youtube videos.

 

In particular this one - 

 

 

I struggled a lot to get it set up initially until I eventually realise that I could not port forward to WAN due to Carrier Grade NAT. I managed to get in contact with my ISP who were able to sort me out with a static IP.

 

I have since managed to get https and my domain name working with LetsEncrypt and Nextcloud.

NextCloud.thumb.png.77501c96f5ac5aeeeec43328c1eee3d3.png

 

However, I cannot seem to get Plex working with https and my domain name.

 

It have managed to set it up behind the reverse proxy like so:

 

 

Plex_Ports.thumb.png.e639caccc82be5f21a1a62382fee306b.png

 

And if I open up Plex I it is shows the green tick for Remote Access and I can connect remotely with my phone, etc.

 

However, the last piece of the puzzle I have struggled with over the last month is:

 

  • HTTPS - How to get https working using Let's Encrypt?
  • Domain Name - How to set up Plex such that I can access it by simply going to "plex.mydomainname.com" in my browser?

 

(I have pfSense running on my router with port 32400 forward to my UnRaid server).

 

I assume I am probably missing something relatively obvious...

 

Edited by Ntouchable
Wrong Picture

  • Author

I managed to fix this eventually in the following way:

 

  1. Mounted Let'sEncypt config files to inside the Plex docker config in the following manner: /letsencrypt = /mnt/user/data/letsencrypt/
  2. Plex settings in browser > Network > 
    1. Custom certificate location = /letsencrypt/keys/letsencrypt/privkey.pfx
    2. Custom certificate encryption key = /letsencrypt/keys/letsencrypt/privkey.pem
    3. Custom certificate domain = plex.XXXXXX.com
    4. Custom server access URLs = https://plex.XXXXXX.com:443
  3. In the file in /mnt/appdata/letsencrypt/nginx/proxy-confs/plex.domain.conf > change the line "proxy_pass https://$upstream_plex:32400" to proxy_pass https://UnRaidServerIP:32400
  4. Optional - 301 redirect so that it forces https - Go to /mnt/appdata/letsencrypt/nginx/site-confs/default > remove the "#" signs next to the code: server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }
  5. Optional - Plex UI in browser > Network > Secure connections = Required.

 

Hope this helps someone out there.

 

  • 1 month later...

Thanks for the info, this is exactly what I am trying to do.  

 

I have a question about your solution for Plex.  

 

Quote

3.  In the file in /mnt/appdata/letsencrypt/nginx/proxy-confs/plex.domain.conf > change the line "proxy_pass https://$upstream_plex:32400" to proxy_pass https://UnRaidServerIP:32400

Doesn't this bypass the nginx proxy and just go to the plex instance on the unraid server?

 

I got emby to work with the following nginx proxy conf:

 

# make sure that your dns has a cname set for emby, if emby is running in bridge mode, the below config should work as is, although,
# the container name is expected to be "emby", if not, replace the line "set $upstream_emby emby;" with "set $upstream_emby <containername>;"
# for host mode, replace the line "proxy_pass http://$upstream_emby:8096;" with "proxy_pass http://HOSTIP:8096;" HOSTIP being the IP address of emby
# in emby settings, under "Advanced" change the public https port to 443, leave the local ports as is, set the "external domain" to your url,
# and set the "Secure connection mode" to "Handled by reverse proxy"
# to enable password access, uncomment the two auth_basic lines

server {
    listen 443 ssl;

    server_name emby.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_emby binhex-emby;
        proxy_pass http://$upstream_emby:8096;
        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

I'm trying to do the same with plex, but when I do, it doesn't remotely connect.

Edited by lewispm
Added emby conf

Ok, just tried it again, and actually read the subdomain conf comments at the top and I figured it out.

 

Here's what I did, in case you want to do the same:

 

1. under the config for the letsencrypt docker, add plex as a subdomain. Apply, then check the logs that it accepted it, and says "server ready" at the bottom.

2. config for plex docker, select proxynet as network.  ( I think you already have this)

3. edit /appdata/letsencrypt/nginx/proxy-confs/plex.subdomain.conf.sample

 

# make sure that your dns has a cname set for plex, if plex is running in bridge mode, the below config should work as is, for host mode,
# replace the line "proxy_pass https://$upstream_plex:32400;" with "proxy_pass https://HOSTIP:32400;" HOSTIP being the IP address of plex
# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name plex.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;
    proxy_redirect off;
    proxy_buffering off;

    # enable for ldap auth, fill in ldap details in ldap.conf
    #include /config/nginx/ldap.conf;


    location / {
        # enable the next two lines for http auth
        #auth_basic "Restricted";
        #auth_basic_user_file /config/nginx/.htpasswd;

        # enable the next two lines for ldap auth
        #auth_request /auth;
        #error_page 401 =200 /login;

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_plex plex;
        proxy_pass http://$upstream_plex:32400;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
        proxy_set_header X-Plex-Device $http_x_plex_device;
        proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
        proxy_set_header X-Plex-Platform $http_x_plex_platform;
        proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
        proxy_set_header X-Plex-Product $http_x_plex_product;
        proxy_set_header X-Plex-Token $http_x_plex_token;
        proxy_set_header X-Plex-Version $http_x_plex_version;
        proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
        proxy_set_header X-Plex-Provides $http_x_plex_provides;
        proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
        proxy_set_header X-Plex-Model $http_x_plex_model;
    }
}

I didn't have to change this file, but if your plex docker is different than "plex" (i.e. binhex-plex) you'll have to edit that under "set $upstream_plex"

 

4. Save this file BUT REMOVE THE .sample from the file name.

 

5.  As per the last line in the comments of this file - go into plex settings and :


# in plex server settings, under network, fill in "Custom server access URLs" with your domain (ie. "https://plex.yourdomain.url:443")

 

Then I navigated to plex.mydomain.com and it worked.

 

Hope it helps!

  • 4 months later...

Hi,

I followed the same videos from SpaceInvaderOne... but only for Nextcloud.

 

I do have my own domain, and the LetsEncrypt docker is configured for all my subdomains.

 

Now, when trying to change my Plex Docker to work via LetsEncrypt, when changing the docker network from custom:br0 (I configured a static IP) to proxynet, it doesn't assign a IP to the docker (actually ANY other network setting doesn't provide an IP) and when trying to start it on 'proxynet', show 'server error'

 

Putting it back to the br0 network, with a static IP, and just changing the Letsencrypt plex.subdomain.conf file, I get '502 Bad Gateway'.

With this method, I changed the 'proxy_pass' setting to $upstream_plex and the static IP of the docker, but still same error. (and yes, restarting letsencrypt for changes to take effect)

I would prefer to keep my static IP....but if no other way, I will change.

 

Any ideas? or am I missing something small??

 

 

Edited by TheMannequin
more info added

  • 2 weeks later...
On 9/11/2019 at 11:22 AM, TheMannequin said:

Hi,

I followed the same videos from SpaceInvaderOne... but only for Nextcloud.

 

I do have my own domain, and the LetsEncrypt docker is configured for all my subdomains.

 

Now, when trying to change my Plex Docker to work via LetsEncrypt, when changing the docker network from custom:br0 (I configured a static IP) to proxynet, it doesn't assign a IP to the docker (actually ANY other network setting doesn't provide an IP) and when trying to start it on 'proxynet', show 'server error'

 

Putting it back to the br0 network, with a static IP, and just changing the Letsencrypt plex.subdomain.conf file, I get '502 Bad Gateway'.

With this method, I changed the 'proxy_pass' setting to $upstream_plex and the static IP of the docker, but still same error. (and yes, restarting letsencrypt for changes to take effect)

I would prefer to keep my static IP....but if no other way, I will change.

 

Any ideas? or am I missing something small??

 

 

Hi

 

Did you manage to come right, getting exactly the same issue, bad gateway

Running the plex official docker.

 

and with the following setting in plexsubdomain config

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_plex PlexMediaServer;
        proxy_pass http://192.168.0.21:32400;

 

Hi,

 

I got it working....but not with the official container...

I changed my docker to the linuxserver one.

I installed the Trakt.tv plug-in on (old) Plex, synced my watched up to Trakt.tv, installed the new linuxserver docker, installed trakt.tv and synced it down to my server again.

 

Now I can add it to the custom network (proxynet) or normal and it works fine!

 

Not the best way, but that's how I got round the problem.

 

 

On 9/21/2019 at 5:54 PM, Pure said:

Hi

 

Did you manage to come right, getting exactly the same issue, bad gateway

Running the plex official docker.

 

and with the following setting in plexsubdomain config

        include /config/nginx/proxy.conf;
        resolver 127.0.0.11 valid=30s;
        set $upstream_plex PlexMediaServer;
        proxy_pass http://192.168.0.21:32400;

 

 

  • 3 months later...

Is it required that you add the letencrypt certificates to plex?

  • 1 month later...
  • 2 months later...
On 3/26/2019 at 1:43 PM, Ntouchable said:

I managed to fix this eventually in the following way:

 

  1. Mounted Let'sEncypt config files to inside the Plex docker config in the following manner: /letsencrypt = /mnt/user/data/letsencrypt/
  2. Plex settings in browser > Network > 
    1. Custom certificate location = /letsencrypt/keys/letsencrypt/privkey.pfx
    2. Custom certificate encryption key = /letsencrypt/keys/letsencrypt/privkey.pem
    3. Custom certificate domain = plex.XXXXXX.com
    4. Custom server access URLs = https://plex.XXXXXX.com:443
  3. In the file in /mnt/appdata/letsencrypt/nginx/proxy-confs/plex.domain.conf > change the line "proxy_pass https://$upstream_plex:32400" to proxy_pass https://UnRaidServerIP:32400
  4. Optional - 301 redirect so that it forces https - Go to /mnt/appdata/letsencrypt/nginx/site-confs/default > remove the "#" signs next to the code: server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }
  5. Optional - Plex UI in browser > Network > Secure connections = Required.

 

Hope this helps someone out there.

 

Thank you for this!!!!!

  • 2 months later...
On 3/26/2019 at 6:43 PM, Ntouchable said:

I managed to fix this eventually in the following way:

 

  1. Mounted Let'sEncypt config files to inside the Plex docker config in the following manner: /letsencrypt = /mnt/user/data/letsencrypt/
  2. Plex settings in browser > Network > 
    1. Custom certificate location = /letsencrypt/keys/letsencrypt/privkey.pfx
    2. Custom certificate encryption key = /letsencrypt/keys/letsencrypt/privkey.pem
    3. Custom certificate domain = plex.XXXXXX.com
    4. Custom server access URLs = https://plex.XXXXXX.com:443
  3. In the file in /mnt/appdata/letsencrypt/nginx/proxy-confs/plex.domain.conf > change the line "proxy_pass https://$upstream_plex:32400" to proxy_pass https://UnRaidServerIP:32400
  4. Optional - 301 redirect so that it forces https - Go to /mnt/appdata/letsencrypt/nginx/site-confs/default > remove the "#" signs next to the code: server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }
  5. Optional - Plex UI in browser > Network > Secure connections = Required.

 

Hope this helps someone out there.

 

This has just fixed what two days searching the Internet could not. THANK YOU!! 

  • 2 months later...

After setting up plex behind the reverse proxy does the Remote Access always show the Red ! and say not avaliable outside your network? Or does it mean I still have a problem to sort out?

NVM, found out that remote access check does not work when using custom URLS on the plex forum.

  • 7 months later...
On 3/26/2019 at 6:43 PM, Ntouchable said:

I managed to fix this eventually in the following way:

 

  1. Mounted Let'sEncypt config files to inside the Plex docker config in the following manner: /letsencrypt = /mnt/user/data/letsencrypt/
  2. Plex settings in browser > Network > 
    1. Custom certificate location = /letsencrypt/keys/letsencrypt/privkey.pfx
    2. Custom certificate encryption key = /letsencrypt/keys/letsencrypt/privkey.pem
    3. Custom certificate domain = plex.XXXXXX.com
    4. Custom server access URLs = https://plex.XXXXXX.com:443
  3. In the file in /mnt/appdata/letsencrypt/nginx/proxy-confs/plex.domain.conf > change the line "proxy_pass https://$upstream_plex:32400" to proxy_pass https://UnRaidServerIP:32400
  4. Optional - 301 redirect so that it forces https - Go to /mnt/appdata/letsencrypt/nginx/site-confs/default > remove the "#" signs next to the code: server {
        listen 80;
        server_name _;
        return 301 https://$host$request_uri;
    }
  5. Optional - Plex UI in browser > Network > Secure connections = Required.

 

Hope this helps someone out there.

 

This worked a treat for me as well using Nginx proxy manager - only tweaks were to update the docker config path which I specifically limited to read-only on the certificate folder for the plex certificate for a little extra security.

 

I also didn't need to do step 3 either and Plex is now working remotely via my own domain (including via web + android / tv apps).

 

My main question (part out of curiosity, part to ensure no gaping security risk) is what is the above actually implementing?

 

Is it that we effectively have SSL encryption from REMOTE DEVICE<->NGINX SERVER which is then reverse proxied but encrypted again between NGINX SERVER<->PLEX SERVER? (i.e. there is in essence one superfluous extra encryption running on the plex server in contrast to a typically https->http reverse proxy)

  • 3 years later...
On 5/24/2021 at 7:59 AM, Ptolemyiv said:

This worked a treat for me as well using Nginx proxy manager - only tweaks were to update the docker config path which I specifically limited to read-only on the certificate folder for the plex certificate for a little extra security.

 

I also didn't need to do step 3 either and Plex is now working remotely via my own domain (including via web + android / tv apps).

 

My main question (part out of curiosity, part to ensure no gaping security risk) is what is the above actually implementing?

 

Is it that we effectively have SSL encryption from REMOTE DEVICE<->NGINX SERVER which is then reverse proxied but encrypted again between NGINX SERVER<->PLEX SERVER? (i.e. there is in essence one superfluous extra encryption running on the plex server in contrast to a typically https->http reverse proxy)

 

Would you mind posting your guide for Nginx proxy manager when you have a moment?

Reviewing this specific guide, the paths posted are for letsencrypt ... which differ for Nginx proxy manager.

 

Thank you.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.